Subscribe to our Threatpost Today newsletter

Join thousands of people who receive the latest breaking cybersecurity news every day.

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

*

*

I agree to my personal data being stored and used to receive the newsletter

*

I agree to accept information and occasional commercial offers from Threatpost partners

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

The API is part of Google Play Services, Google said, and developers can now add the verification to mobile applications to distinguish between bots and human users.

The technology is more than a decade old and supplements authentication to a website. In the past, users had to decipher distorted text and enter it into a CAPTCHA to authenticate to a site. That evolved into identifying street signs and other images to prove to the application that a user was a human, and not an automated spammer or malicious program, for example.

The Android API will use Google’s Invisible reCAPTCHA, released this year, which now validates users in the background, forgoing the usual interaction users are familiar with.

“It will use our newest Invisible reCAPTCHA technology, which runs risk analysis behind the scene and has enabled millions of human users to pass through with zero click everyday,” said Wei Lu of Google’s reCAPTCHA team. “Now mobile users can enjoy their apps without being interrupted, while still staying away from spam and abuse.”

The Android API will be included with Google SafetyNet, a set of other security services and APIs that protect apps against device tampering, malicious URLs and harmful applications. The Safe Browsing API and Verify Apps API are also part of SafetyNet.

“Mobile developers can do both the device and user attestations in the same API to mitigate security risks of their apps more efficiently,” Lu said.

CAPTCHA systems are meant to be a barrier for spam bots and other automated crawlers. Humans were originally required to type in a word or phrase presented to them in a log-in dialogue box before being authenticated to the service. ReCAPTCHA’s release in 2007 was meant to simplify the experience for users.

A user’s reCAPTCHA experience requires clicking a checkbox attesting they are not a bot. Machine learning capabilities will either pass the user through or present a traditional CAPTCHA to ensure they are breathing person. Invisible reCAPTCHA does not require the checkbox, and only suspicious traffic is supposed to trigger a CAPTCHA verification requirement.

“The integration requires developers to set up Google Play services in their project and connect to Google API client before they invoke the reCAPTCHA API,” says a post on Google’s developer site. “This will either pass the user immediately (with No CAPTCHA) or challenge them to validate whether they’re human.”

Authors

Threatpost

InfoSec Insider Post

InfoSec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Post

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.